Vulnerabilities > CVE-2022-42126 - Unspecified vulnerability in Liferay Digital Experience Platform and Liferay Portal
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
Vulnerable Configurations
References
- http://liferay.com
- http://liferay.com
- https://issues.liferay.com/browse/LPE-17593
- https://issues.liferay.com/browse/LPE-17593
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126